OpenXchangeClient.Api.SAML (open_xchange_client v0.10.1)

API calls for all endpoints tagged SAML.

Summary

Functions

Assertion Consumer Service
SAML 2.0 Assertion Consumer Service. Accepts <Response> messages of the Web Browser SSO Profile per HTTP-POST binding.

Initiate SAML 2.0 HTTP binding flows
Initiates any supported SAML 2.0 login and logout flow as described in https://documentation.open-xchange.com/latest/middleware/login/02_saml.html.

Metadata Service
SAML 2.0 Metadata Service. Provides an <EntityDescriptor> XML document describing the built-in service provider configuration.

Create App Suite session after SAML login flow
This API call is typically the result of a redirect created by the server. It does not need to be explicitly implemented by clients! After a successful SAML login flow, the client (web browser) is redirected to this endpoint, where the actual App Suite session gets created. As a result, the user gets redirected to https://<webmail-domain>/<login-path>#session=<session-id>. The redirect response has App Suite session cookies set.

Terminates an App Suite session after SAML logout flow
This API call is typically the result of a redirect created by the server. It does not need to be explicitly implemented by clients! After a successful SAML logout flow, the client (web browser) is redirected to this endpoint, where the actual App Suite session gets terminated. As a result, the user is usually redirected to an environment-specific location, for example a portal page. The redirect response removes all App Suite session cookies.

Single Logout Service for Logout Requests
SAML 2.0 Single Logout Service. Accepts <LogoutRequest> messages from the IdP per HTTP-Redirect binding.

Single Logout Service for Logout Responses
SAML 2.0 Single Logout Service. Accepts <LogoutResponse> messages of the Single Logout Profile per HTTP-POST binding.

Functions

acs(connection, tenant, u_nknownbasetype, opts \\ [])

@spec acs(
  Tesla.Env.client(),
  String.t(),
  OpenXchangeClient.Model.UNKNOWN_BASE_TYPE.t(),
  keyword()
) :: {:ok, nil} | {:error, Tesla.Env.t()}

Assertion Consumer Service

SAML 2.0 Assertion Consumer Service. Accepts <Response> messages of the Web Browser SSO Profile per HTTP-POST binding.

Parameters

  • connection (OpenXchangeClient.Connection): Connection to server
  • tenant (String.t): In a multi-tenant environment, where different tenants might connect to different identity providers, this parameter denotes the tenant to start a SAML flow for. In single-tenant environments this parameter is superfluous.
  • u_nknownbasetype (UNKNOWN_BASE_TYPE):
  • opts (KeywordList): [optional] Optional parameters

Returns

{:ok, nil} on success, {:error, Tesla.Env.t} on failure

init(connection, tenant, opts \\ [])

@spec init(Tesla.Env.client(), String.t(), keyword()) ::
  {:ok, nil}
  | {:ok, OpenXchangeClient.Model.InlineResponse2003.t()}
  | {:error, Tesla.Env.t()}

Initiate SAML 2.0 HTTP binding flows

Initiates any supported SAML 2.0 login and logout flow as described in https://documentation.open-xchange.com/latest/middleware/login/02_saml.html.

Parameters

  • connection (OpenXchangeClient.Connection): Connection to server
  • tenant (String.t): In a multi-tenant environment, where different tenants might connect to different identity providers, this parameter denotes the tenant to start a SAML flow for. In single-tenant environments this parameter is superfluous.
  • opts (KeywordList): [optional] Optional parameters
    • :flow (String.t): One of login, relogin or logout to start the respective flow.
    • :session (String.t): Required for flow logout. A session ID to determine the correct session.
    • :redirect (String.t): Responds with 302 Found and sets the response header Location to the actual redirect URI.

Returns

{:ok, OpenXchangeClient.Model.InlineResponse2003.t} or {:ok, nil} on success, {:error, Tesla.Env.t} on failure

metadata(connection, tenant, opts \\ [])

@spec metadata(Tesla.Env.client(), String.t(), keyword()) ::
  {:ok, nil} | {:error, Tesla.Env.t()}

Metadata Service

SAML 2.0 Metadata Service. Provides an <EntityDescriptor> XML document describing the built-in service provider configuration.

Parameters

  • connection (OpenXchangeClient.Connection): Connection to server
  • tenant (String.t): In a multi-tenant environment, where different tenants might connect to different identity providers, this parameter denotes the tenant to start a SAML flow for. In single-tenant environments this parameter is superfluous.
  • opts (KeywordList): [optional] Optional parameters

Returns

{:ok, nil} on success, {:error, Tesla.Env.t} on failure

saml_login(connection, token, opts \\ [])

@spec saml_login(Tesla.Env.client(), String.t(), keyword()) ::
  {:ok, nil} | {:error, Tesla.Env.t()}

Create App Suite session after SAML login flow

This API call is typically the result of a redirect created by the server. It does not need to be explicitly implemented by clients! After a successful SAML login flow, the client (web browser) is redirected to this endpoint, where the actual App Suite session gets created. As a result, the user gets redirected to https://<webmail-domain>/<login-path>#session=<session-id>. The redirect response has App Suite session cookies set.

Parameters

  • connection (OpenXchangeClient.Connection): Connection to server
  • token (String.t): A valid session reservation token
  • opts (KeywordList): [optional] Optional parameters
    • :client (String.t): Identifier of the client using the HTTP/JSON interface. Default: Value of configuration property com.openexchange.ajax.login.http-auth.client
    • :client_user_agent (String.t): Parameter to override the user agent used for session creation. By default the User-Agent request header is evaluated.
    • :login_path (String.t): The login path to be set on the resulting Location response header as part of the redirect response. Default: Value of configuration property com.openexchange.UIWebPath.
    • :shard (String.t): Shard identifier to route the request accordingly.

Returns

{:ok, nil} on success, {:error, Tesla.Env.t} on failure

saml_logout(connection, session, opts \\ [])

@spec saml_logout(Tesla.Env.client(), String.t(), keyword()) ::
  {:ok, nil} | {:error, Tesla.Env.t()}

Terminates an App Suite session after SAML logout flow

This API call is typically the result of a redirect created by the server. It does not need to be explicitly implemented by clients! After a successful SAML logout flow, the client (web browser) is redirected to this endpoint, where the actual App Suite session gets terminated. As a result, the user is usually redirected to an environment-specific location, for example a portal page. The redirect response removes all App Suite session cookies.

Parameters

  • connection (OpenXchangeClient.Connection): Connection to server
  • session (String.t): App Suite session ID
  • opts (KeywordList): [optional] Optional parameters

Returns

{:ok, nil} on success, {:error, Tesla.Env.t} on failure

sls_req(connection, tenant, s_aml_request, opts \\ [])

@spec sls_req(Tesla.Env.client(), String.t(), String.t(), keyword()) ::
  {:ok, nil} | {:error, Tesla.Env.t()}

Single Logout Service for Logout Requests

SAML 2.0 Single Logout Service. Accepts <LogoutRequest> messages from the IdP per HTTP-Redirect binding.

Parameters

  • connection (OpenXchangeClient.Connection): Connection to server
  • tenant (String.t): In a multi-tenant environment, where different tenants might connect to different identity providers, this parameter denotes the tenant to start a SAML flow for. In single-tenant environments this parameter is superfluous.
  • s_aml_request (String.t): Base64 encoded SAML 2.0 <LogoutRequest> message.
  • opts (KeywordList): [optional] Optional parameters
    • :sig_alg (String.t): Message signature algorithm ID
    • :signature (String.t): Message signature
    • :relay_state (String.t): Message exchange relay state

Returns

{:ok, nil} on success, {:error, Tesla.Env.t} on failure
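
The s_aml_request argument and the :sig_alg, :signature and :relay_state options of sls_req are the query parameters of the SAML 2.0 HTTP-Redirect binding. The following added example (not part of the generated client or of Open-Xchange's code) shows how that binding encodes a message and which string the signature covers, following the SAML 2.0 Bindings specification. The module name, the throwaway RSA key and the sample message are constructed, and pinning RSA-SHA256 is an assumption.

```elixir
defmodule RedirectBindingExample do
  # Added example; module and function names are hypothetical.
  @rsa_sha256 "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

  # Raw DEFLATE (window bits -15, no zlib header), then Base64.
  def encode_message(xml) do
    z = :zlib.open()
    :ok = :zlib.deflateInit(z, :default, :deflated, -15, 8, :default)
    deflated = :zlib.deflate(z, xml, :finish)
    :ok = :zlib.deflateEnd(z)
    :ok = :zlib.close(z)
    deflated |> IO.iodata_to_binary() |> Base.encode64()
  end

  # The signature covers exactly this string: URL-encoded values in this
  # fixed order, with RelayState left out when it is absent.
  def signed_octets(saml_request, relay_state, sig_alg) do
    [{"SAMLRequest", saml_request}, {"RelayState", relay_state}, {"SigAlg", sig_alg}]
    |> Enum.reject(fn {_name, value} -> is_nil(value) end)
    |> Enum.map_join("&", fn {name, value} -> name <> "=" <> URI.encode_www_form(value) end)
  end

  def sign(saml_request, relay_state, private_key) do
    octets = signed_octets(saml_request, relay_state, @rsa_sha256)
    octets |> :public_key.sign(:sha256, private_key) |> Base.encode64()
  end

  # Rejects any algorithm other than the one pinned above, so the message
  # cannot select a weaker SigAlg. A receiver should take the encoded values
  # from the raw query string, because URL encoders differ.
  def verify(saml_request, relay_state, sig_alg, signature, public_key) do
    with @rsa_sha256 <- sig_alg, {:ok, sig} <- Base.decode64(signature) do
      octets = signed_octets(saml_request, relay_state, sig_alg)
      :public_key.verify(octets, :sha256, sig, public_key)
    else
      _ -> false
    end
  end
end

# Constructed sample input: throwaway key pair and a minimal message.
alias RedirectBindingExample, as: RB
priv = :public_key.generate_key({:rsa, 2048, 65537})
pub = {:RSAPublicKey, elem(priv, 2), elem(priv, 3)}
alg = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
req = RB.encode_message(~s(<samlp:LogoutRequest ID="_constructed"/>))
sig = RB.sign(req, "state-1", priv)
IO.inspect(RB.verify(req, "state-1", alg, sig, pub), label: "untampered")
IO.inspect(RB.verify(req, "state-2", alg, sig, pub), label: "RelayState changed")
```

Because RelayState is part of the signed string, changing it after signing makes verification fail. In a Mix project, list :public_key under extra_applications so the OTP application is available.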

sls_resp(connection, tenant, u_nknownbasetype, opts \\ [])

@spec sls_resp(
  Tesla.Env.client(),
  String.t(),
  OpenXchangeClient.Model.UNKNOWN_BASE_TYPE.t(),
  keyword()
) :: {:ok, nil} | {:error, Tesla.Env.t()}

Single Logout Service for Logout Responses

SAML 2.0 Single Logout Service. Accepts <LogoutResponse> messages of the Single Logout Profile per HTTP-POST binding.

Parameters

  • connection (OpenXchangeClient.Connection): Connection to server
  • tenant (String.t): In a multi-tenant environment, where different tenants might connect to different identity providers, this parameter denotes the tenant to start a SAML flow for. In single-tenant environments this parameter is superfluous.
  • u_nknownbasetype (UNKNOWN_BASE_TYPE):
  • opts (KeywordList): [optional] Optional parameters

Returns

{:ok, nil} on success, {:error, Tesla.Env.t} on failure